It’s no secret that data theft has become a big problem, but the extent may surprise you. A million credit card #s stolen here, a few hundred thousand social security numbers lost there – it seems like a weekly thing. Turns out, it’s a daily thing. The website attrition.org tracks data breaches and ID thefts and they are posting about one breach per day. Just this week, tens of thousands of social security numbers were exposed, lost or stolen in Montana, Alabama, and North Carolina.

And it’s not just about a single incident of data loss or theft. Things can get much worse from there. An employee of Salesforce.com who fell for a phishing scam recently opened the gates to the company’s data on thousands of customers. The data that was stolen included first and last names, company names, email addresses, and phone numbers of Salesforce customers. To make matters worse, the scammers then used that data to phish for more targets (a few took the bait) and then followed up with a round of viruses for the twice-wronged customers of Salesforce. That’s a pretty bad day, PR or otherwise.

Jim Horton, who writes the Online PR Thoughts Blog, noted Salesforce didn’t immediately own up to the failure, further damaging its reputation:

This kind of failure in the internet age is scary, and PR practitioners need to be alert to how to handle it. The first step, of course, is to stop the penetration. The second step is an apology to customers, an explanation of what happened but most importantly, the solution the company is using so it never happens again.

The Levick blog has some crisis tips for how to handle such an incident, including IDing the culprit, regular updates (saying nothing is oftentimes synonymous with admitting guilt), and outlining a gameplan for consumers.

Digital data is big business. Customer databases are shaping everything from the catalogs you get in the mail this time of year to the ads you see on your favorite web pages. Facebook, MySpace, Yahoo, Microsoft, Google – they’re all working on the magic formula for using the data we produce to “target” us effectively. Just who has me in their data banks makes me think each time I sign up for a new e-letter or send a gift from a company’s website that I’ve never used before. It’s an unavoidable deal I make every time I “check out.” But "guaranteed" transaction security and that little lock icon in my web browser can't stop a staffer on the other end from sending a giddy response to collect on his Nigerian lottery winnings.